A basic security plugin for WordPress 4.x, 5.0 or higher. You can selectively disable unused features in WordPress core...

Create a private login URL and hide /wp-login.php with stealth 404s. Logged-out /wp-admin/ visits redirect to your homepage.

Hardens and protects your site by locking down login, REST API, XML‑RPC, file editor, and applying HTTP security headers.

This plugin will check for a user named 'admin' and prompt the user to create a new account.

A simple way to clean and secure WordPress by disabling unnecessary features like comments, XML-RPC, and RSS feeds.

The WeSecur plugin audits and protects your WordPress by daily analyzing malware, blacklists and vulnerabilities that can be exploited to infect your website and blocking attacks and spambots with tools specially designed to protect your WordPress.

Per-user Safe Mode + role-based client restrictions for safer troubleshooting and clean client handoff.

Adds some extra security to your WordPress with only one click.

Firewall, Scanner, Login Protect, block user enumeration and TOR, disable Json WordPress Rest API, xml-rpc (xmlrpc) & Pingback.

Connect your site to Webfiable (webfiable.com) to track config health and get security recommendations. Public early access (white march). Free.

TotalWeb strengthens your site security with malware defense, brute-force protection, firewall rules, and smart hardening controls.

Basic hardening: secure headers, enumeration blocking, generic login errors, IP-based rate limiting, and optional restriction of the REST API.

PF Secure Toolkit is a lightweight, modular plugin to harden WordPress by disabling unnecessary features.

The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.